david
d3150aa5a3
Minor updates to smtp-open-relay.nse from Duarte Silva.
2010-03-09 20:17:55 +00:00
ron
82fe004f3b
Added matchline for the Arucer backdoor. The Arucer backdoor was found to be packaged with drivers for the Energizer USB recharger: http://www.kb.cert.org/vuls/id/154421
2010-03-08 18:22:50 +00:00
david
dd68307fe8
Use capital letters in package names. The Snow Leopard PackageMaker seems to
require that. Without it, I get the warnings
Warning: Package "Nmap" is not assigned to a choice.
Warning: Package "Zenmap" is not assigned to a choice.
Warning: Package "Ncat" is not assigned to a choice.
Warning: Package "Ndiff" is not assigned to a choice.
Warning: Package "Nping" is not assigned to a choice.
Warning: Choice "Nmap" has no subchoices and no package refs.
Warning: Choice "Zenmap" has no subchoices and no package refs.
Warning: Choice "Ncat" has no subchoices and no package refs.
Warning: Choice "Ndiff" has no subchoices and no package refs.
Warning: Choice "Nping" has no subchoices and no package refs.
In the built installer, all the choices said "Zero KB" and the "Continue"
button was not clickable.
2010-03-07 05:36:26 +00:00
david
d4f8da67ea
Change to snmp-interfaces from Thomas Buchanan: change the scope of a
constant table and adjust verbose/non-verbose output.
2010-03-07 04:07:11 +00:00
david
020d816537
Change "vladz" to "jlanthea" by his request.
2010-03-06 18:59:03 +00:00
kris
c2110ee6bd
script-updatedb
2010-03-06 18:40:35 +00:00
david
34bca6a73b
Fix the printing of the warning
Warning: --min-parallelism and --max-parallelism are ignored with --scan-delay.
It was checking o.min_parallelism against -1, when its default value is
0.
2010-03-06 17:48:56 +00:00
david
39a80f1987
Make --resume work with the new "Nmap scan report " strings. It also
works when there was no reverse DNS resolution, which didn't work with
the old format. This patch is from vladz.
http://seclists.org/nmap-dev/2010/q1/770
2010-03-05 23:46:42 +00:00
david
112f012368
Add the snmp-interfaces script from Thomas Buchanan.
2010-03-05 20:19:04 +00:00
david
82ead9256e
Make some output changes suggested by greengreat. Mention the S: SCTP
port specifier. Mention -PY in the ping probe error output. Use the word
"protocol" instead of "port" in the error output for -PO.
2010-03-05 19:54:45 +00:00
david
9fee7968f9
Make a slight change to the order in which ping probes are sent to match
research. -PY should come after, not before -PU. -PM should be the last
one.
2010-03-05 19:45:58 +00:00
fyodor
45cb43151c
update version numbers of examples in HACKING file
2010-03-05 02:33:07 +00:00
fyodor
330d2544e2
Minor updates throughout the file
2010-03-05 02:27:28 +00:00
kris
fafcef637f
simple comment and whitespace fix
2010-03-04 21:56:29 +00:00
patrik
118e029b0e
o [NSE] Added a new library for PostgreSQL and the script pgsql-brute that uses
it to guess credentials. [Patrik]
2010-03-04 19:18:55 +00:00
patrik
2828af7ca7
Add ldap-search.nse
2010-03-04 19:10:48 +00:00
patrik
a439772d2a
o [NSE] Added the script ldap-search which queries a LDAP directory
for either all or a number of pre-defined object types. [Patrik]
2010-03-04 19:07:56 +00:00
david
a2798e0120
Add some more script review to TODO.
2010-03-03 22:44:46 +00:00
david
6e1daddd55
Break out the code in smb-psexec.nse that looks for nmap_service.exe, so
an error message can be displayed in verbose mode, without requiring
debugging.
2010-03-03 22:27:51 +00:00
fyodor
7b3ae6c7d3
some work finished
2010-03-03 21:55:51 +00:00
david
eb15f3ae27
Update vcredist_x86.exe to version 9.0.30729.4148. Axel Pettinger reported that
the previous version, 9.0.30729.17, causes a Windows Update when installed on
Windows 7 because the old version was the subject of security advisory
MS09-035. See http://seclists.org/nmap-dev/2010/q1/528 for lots of links and
details.
The file I downloaded was from
"Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package ATL Security Update"
http://www.microsoft.com/downloads/details.aspx?familyid=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c&displaylang=en
Specifically,
http://download.microsoft.com/download/9/7/7/977B481A-7BA6-4E30-AC40-ED51EB2028F2/vcredist_x86.exe
2010-03-03 00:25:28 +00:00
david
1906c0febd
Don't print out a blank line in http-methods.nse when there's nothing to
report.
2010-03-02 22:44:10 +00:00
david
a90ba28583
Have http-methods.nse highlight "interesting" methods as "potentially
risky" methods. Provide a link to the NSEDoc and to the OWASP page on
methods for more information.
2010-03-02 22:34:11 +00:00
david
ce18e4bb54
Make http-methods.nse merge the contents of the Allow and Public
headers, as suggested by Patrik Karlsson.
2010-03-02 20:27:08 +00:00
david
a39c302fcc
Re-block the socket before sending in subprocess_thread_func. The
WSAEventSelect call we make to find out when the socket is ready for reading,
also makes it non-blocking for the purpose of writing. A fast-writing process
could cause a WSAEWOULDBLOCK error. This was reported by David Millis.
2010-03-02 19:24:32 +00:00
david
5e8f88194d
Use socket_errno() instead of errno in NSE raw socket code, to get
Windows errors.
2010-03-02 18:29:22 +00:00
david
9fb01bdb3b
Add to CHANGELOG:
o [Ncat] Fixed a bug that prevented detecting EOF from stdin on
Windows. This was reported by Adrian Crenshaw and Andy Zwirko.
[David]
2010-03-02 06:55:15 +00:00
kris
cb9c2c9a03
Remove duplicate changelog entry, left over from v5.21 rearrange
2010-03-02 01:18:52 +00:00
david
8112f5d03f
Add some further improvements to smtp-open-relay.nse from Duarte Silva,
checking for EOF and TIMEOUT errors.
2010-03-01 23:05:22 +00:00
david
9232479ee7
o [Nsock] WSAEACCES was added to the list of known connect error
codes. This error can happen on Windows when a port is blocked by
Windows Firewall. Thanks to taemun for reporting this and
investigating.
2010-03-01 22:39:39 +00:00
david
b3edd3d4c0
Make json.lua string escaping/unescaping a little nicer. Derive both
forward and reverse escapes from a single table.
2010-02-28 22:05:04 +00:00
david
15915eb793
Make Json:parseValue handle any kind of value, without taking a
parameter to control whether only top-level structures are allowed.
Instead, move the special top-level code out to the Json:parseStart
function.
2010-02-28 21:31:55 +00:00
david
dfe10a6866
Remove the call to test() at the end of json.lua, otherwise the test
gets run (and output printed) whenever the module is loaded.
2010-02-28 21:26:22 +00:00
david
e89094261d
Add json.lua, couchdb-databases.nse, and couchdb-stats.nse, all by
Martin Holst Swende.
2010-02-28 21:25:01 +00:00
david
d9fd52c194
o Fixed the parsing of libdnet DLPI interface names that contain more
than one string of digits. Joe Dietz reported that an interface with
the name e1000g0 was causing the error message
Warning: Unable to open interface e1000g0 -- skipping it.
on Solaris 9. [David]
2010-02-28 19:45:39 +00:00
kris
2e99f41bfd
Remove VC++ pragma to disable C4244 warning. It looks like the code originally producing this warning was faulty and was fixed long ago. No other files use this pragma, and no warning is printed without it.
2010-02-27 21:00:23 +00:00
david
598d94f6f5
Return false in new_try handlers in proxy.lua, so that socket errors are
reported to the caller like other errors are.
2010-02-27 00:27:49 +00:00
david
ffb34b2259
Make sure port.service exists before passing it to string.match. This
bug was reported by Brandon.
2010-02-27 00:16:29 +00:00
david
c2a4f8b442
Quote string with Lua's %q format in nsedebug.tostr, so you can tell the
difference between nil and "nil".
2010-02-27 00:14:24 +00:00
david
49e36a57f3
Add a function free_services that tells Nmap to reload the nmap-services
file again when it needs it. This is called from nmap_free_mem, because
cp_free (also called by nmap_free_mem) invalidates members of the
services data structures.
In normal use this doesn't matter. It only matters when reinvoking the
engine several times with --interactive.
2010-02-26 22:29:03 +00:00
david
9f55412954
Initialize numhosts_up, numhosts_scanned, and numhosts_scanning in
NmapOps::Initialize.
2010-02-26 21:38:04 +00:00
david
dc45a0b8f8
Reinitialize scriptargs and chosenScripts in NmapOps::Initialize.
2010-02-26 21:34:13 +00:00
david
ba5e337db8
Reset port_list_count in PortList::freePortMap.
2010-02-26 21:25:41 +00:00
david
e32a406032
Fix code style in PortList::freePortMap.
2010-02-26 20:58:54 +00:00
kris
a42ea72a97
Merge through r16884 from /nmap-exp/kris/nse-rawip plus the following changelog
entries:
o [NSE] Raw packet sending at the IP layer is now supported, in addition to
the Ethernet sending functionality. Packets to send start with an IPv4
header and can be sent to arbitrary hosts. [Kris]
o [NSE] Added the ipidseq script to classify a host's IP ID sequence numbers
in the same way Nmap does. This can be used to test hosts' suitability for
Nmap's Idle Scan (-sI), i.e. check if a host is an idle zombie. This is
the first script to use the new raw IP sending functionality in NSE. [Kris]
o [NSE] Added the function nmap.is_privileged() to tell a script if, as far
as Nmap's concerned, it can do privileged operations. For instance, this
can be used to see if a script should be able to open a raw socket or
Ethernet interface. [Kris]
o [NSE] Added the function nmap.get_ports() to allow a script to iterate
over a host's port tables matching a certain protocol and state. [Kris,
Patrick]
2010-02-26 20:42:10 +00:00
david
480394756b
Call CloseHandle on the hThread member of the PROCESS_INFORMATION structure we
get back from CreateProcess. We were already closing hProc but hThread has to
be closed too to avoid a handle leak. See the code example at
http://msdn.microsoft.com/en-us/library/ms682512(VS.85).aspx .
2010-02-26 01:57:05 +00:00
david
84a388aeb9
Give datafiles.lua the ability to parse nmap-mac-prefixes, and use it in
nbstat.nse to look up the MAC vendor string.
2010-02-26 00:27:30 +00:00
david
1f7e90a0af
Add CouchDB and JSON scripts to TODO. They're almost done, I just don't
want to forget about them.
2010-02-26 00:24:24 +00:00
david
2099944ef0
Move entries in libdnet-stripped/NMAP_MODIFICATIONS to reflect recent
upstream merges by Jay Fink.
http://code.google.com/p/libdnet/source/detail?r=654
http://code.google.com/p/libdnet/source/detail?r=655
http://code.google.com/p/libdnet/source/detail?r=656
2010-02-24 01:54:56 +00:00
david
bf612ba7c9
o [NSE] Added the ssl-enum-ciphers script from Mak Kolybabi. This
script lists the ciphers and compressors supported by an SSL/TLS
server.
2010-02-24 01:33:16 +00:00